Guru3D Rig of the Month - January 2020
Palit GeForce RTX 2070 SUPER GamingPro review
Team Group T-Force DarkZα 3600 MHz DDR4 review
Corsair Scimitar Elite RGB gaming mouse review
Cougar 700K Evo keyboard review
Aorus Liquid Cooler 360 review
AMD Ryzen Threadripper 3990X review
Corsair A500 CPU air cooler review
Palit GeForce RTX 2080 SUPER GamingPRO review
Lamptron SM436 PCI fan/RGB controller review
GhostDNS: 70+ different types of home routers (100,000+) are being hijacked
Over a 100K routers from brands like D-Link, MikroTik, TP-Link, Huawei and SpeedTouch are currently hijacked and have a changed the DNS server. That way traffic can be re-routed ending up at phishing sites etc.
While not a new methodology, from the 20th of September of this year a large attack was discovered by security researchers. So basically on a malicious website, a script would be executed that sniffs if your router port is open, try to log in (brute force) to your router, that changes credentials and DNS. A lot of users use the default username and password which makes them extra vulnerable. Once the criminals are able to login they change the DNS server address of the router. Currently, the attacks are mainly active in Brazil.
The current attack, discovered by network security lab 360 Netlab, affects more than 70 different routers:
- 3COM OCR-812
- AP-ROUTER
- D-LINK
- D-LINK DSL-2640T
- D-LINK DSL-2740R
- D-LINK DSL-500
- D-LINK DSL-500G/DSL-502G
- Huawei SmartAX MT880a
- Intelbras WRN240-1
- Kaiomy Router
- MikroTiK Routers
- OIWTECH OIW-2415CPE
- Ralink Routers
- SpeedStream
- SpeedTouch
- Tenda
- TP-LINK TD-W8901G/TD-W8961ND/TD-8816
- TP-LINK TD-W8960N
- TP-LINK TL-WR740N
- TRIZ TZ5500E/VIKING
- VIKING/DSLINK 200 U/E
In total, more than 100,000 routers are affected by the attack of which the majority is located in Brazil. As soon as the users browse to specific websites they are redirected to phishing sites. These include online banking sites but also Netflix and hosting companies.
Once again, make sure your router firmware is up-to-date, disable external WAN access, and change your default password.
slyphnier
Senior Member
Posts: 706
Joined: 2009-11-30
Senior Member
Posts: 706
Joined: 2009-11-30
#5591150 Posted on: 10/02/2018 12:41 PM
What a day we live in today..... So many hardware/software vulnerabilities out there its simply amazing anything is up and running ATM. Anything......
Just crazy.....!!
well ATM basically LAN (enclosed-wan) that only connect to banking-network
which separate them from internet-open-world
thats why they not effected much by real-world vulnerabilites... even though probably they share same vulnerabilites
What a day we live in today..... So many hardware/software vulnerabilities out there its simply amazing anything is up and running ATM. Anything......
Just crazy.....!!
well ATM basically LAN (enclosed-wan) that only connect to banking-network
which separate them from internet-open-world
thats why they not effected much by real-world vulnerabilites... even though probably they share same vulnerabilites
Steppzor
Senior Member
Posts: 783
Joined: 2006-02-05
Senior Member
Posts: 783
Joined: 2006-02-05
#5591162 Posted on: 10/02/2018 01:16 PM
Think he ment 'At The Moment' xD
Think he ment 'At The Moment' xD
Brasky
Senior Member
Posts: 2151
Joined: 2011-05-19
Senior Member
Posts: 2151
Joined: 2011-05-19
#5591172 Posted on: 10/02/2018 01:58 PM
Thanks Ron Burgundy! now i know why you're the most trusted name in San Diego!
Think he ment 'At The Moment' xD
Thanks Ron Burgundy! now i know why you're the most trusted name in San Diego!
Mateja
Senior Member
Posts: 101
Joined: 2014-02-01
Senior Member
Posts: 101
Joined: 2014-02-01
#5591209 Posted on: 10/02/2018 03:28 PM
and lo ~ I have a router update! thnx for the heads up! (even updated just a month ago).
if anyone needs help do this:
open file explorer (the folder icon on the taskbar)
click "network" on the left
in windows 10, my wifi router appears under "network infrastructure" as "R7000 (Gateway)"
right click that > "view device webpage"
if it's netgear, The user name is admin, and the password is password
you may see a flag to update firmware at the top of that main page, if not,
click "advanced" tab > click "administration" on the left > "router update"
again, you should see update firmware, but if not click "check"
let it take the time to update and reset your router (no internet for a minute while it resets)
as for your cable modem, google your device model number. if it's like mine, it says that firmware updates are pushed by your ISP so no worries there
other tips to maximize security:
- there may be an option to auto update on your router page (expect to be kicked offline sometimes but who knows maybe it's smarter and knows your idle time like windows 10 updates now)
- keep windows up to date (type 'check for updates' on windows 10 search bar) > click "check now" if they don't appear already
- keep your pc up to date w/ manufacturer software (for me it's the "Lenovo vantage" windows 10 app. this pc updates its bios etc a lot)
- use a wired connection directly from your cable modem to your newest PC (a new chipset that's designed to not have spectre and meltdown vulnerabilities etc).
and lo ~ I have a router update! thnx for the heads up! (even updated just a month ago).
if anyone needs help do this:
open file explorer (the folder icon on the taskbar)
click "network" on the left
in windows 10, my wifi router appears under "network infrastructure" as "R7000 (Gateway)"
right click that > "view device webpage"
if it's netgear, The user name is admin, and the password is password
you may see a flag to update firmware at the top of that main page, if not,
click "advanced" tab > click "administration" on the left > "router update"
again, you should see update firmware, but if not click "check"
let it take the time to update and reset your router (no internet for a minute while it resets)
as for your cable modem, google your device model number. if it's like mine, it says that firmware updates are pushed by your ISP so no worries there
other tips to maximize security:
- there may be an option to auto update on your router page (expect to be kicked offline sometimes but who knows maybe it's smarter and knows your idle time like windows 10 updates now)
- keep windows up to date (type 'check for updates' on windows 10 search bar) > click "check now" if they don't appear already
- keep your pc up to date w/ manufacturer software (for me it's the "Lenovo vantage" windows 10 app. this pc updates its bios etc a lot)
- use a wired connection directly from your cable modem to your newest PC (a new chipset that's designed to not have spectre and meltdown vulnerabilities etc).
Fox2232
Senior Member
Posts: 9939
Joined: 2012-07-20
Senior Member
Posts: 9939
Joined: 2012-07-20
#5591250 Posted on: 10/02/2018 05:01 PM
What a day we live in today..... So many hardware/software vulnerabilities out there its simply amazing anything is up and running ATM. Anything......
Just crazy.....!!
There is no gain from taking infected device down. Gain comes from many sources, like:
- pushing users content hijacker wants
- knowing what victim does
- having access to their data
- coordinated blackout when someone pays for it
- ...
What a day we live in today..... So many hardware/software vulnerabilities out there its simply amazing anything is up and running ATM. Anything......
Just crazy.....!!
There is no gain from taking infected device down. Gain comes from many sources, like:
- pushing users content hijacker wants
- knowing what victim does
- having access to their data
- coordinated blackout when someone pays for it
- ...
Margalus
Senior Member
Posts: 249
Joined: 2016-07-09
Senior Member
Posts: 249
Joined: 2016-07-09
#5591296 Posted on: 10/02/2018 06:44 PM
Maybe some people overlooked the key factor here "change the default password."
Maybe some people overlooked the key factor here "change the default password."
tsunami231
Senior Member
Posts: 9937
Joined: 2003-05-24
Senior Member
Posts: 9937
Joined: 2003-05-24
#5591369 Posted on: 10/02/2018 09:08 PM
seeing as the DNS on this Sagemcom router I have are locked to Spectrum and cant be changed even by me even if I wanted to, let alone fact that it hasnt had FW in years not much I can do with this router I have less, alot people really do need to change there defualt passwords though
seeing as the DNS on this Sagemcom router I have are locked to Spectrum and cant be changed even by me even if I wanted to, let alone fact that it hasnt had FW in years not much I can do with this router I have less, alot people really do need to change there defualt passwords though
sverek
Senior Member
Posts: 5584
Joined: 2011-01-02
Senior Member
Posts: 5584
Joined: 2011-01-02
#5591460 Posted on: 10/03/2018 03:17 AM
So it's not attack on router from outside, but from inside (client side)?
From what I understand, user run JS on compromised website, which find router IP in internal network. Browser then accesses users router via HTTP and changes its settings?
Damn, browsers are scary.
So it's not attack on router from outside, but from inside (client side)?
From what I understand, user run JS on compromised website, which find router IP in internal network. Browser then accesses users router via HTTP and changes its settings?
Damn, browsers are scary.
Tripkebab
Senior Member
Posts: 140
Joined: 2011-01-30
Senior Member
Posts: 140
Joined: 2011-01-30
#5591549 Posted on: 10/03/2018 10:36 AM
Makes me happy to A. have an Asus Router, B have Asus Merlin which is regular updated FW. Now go give that guy a donation =)
Makes me happy to A. have an Asus Router, B have Asus Merlin which is regular updated FW. Now go give that guy a donation =)
DeskStar
Senior Member
Posts: 709
Joined: 2011-01-11
Senior Member
Posts: 709
Joined: 2011-01-11
#5593451 Posted on: 10/07/2018 01:26 PM
Makes me feel good that I never was a person to use default garbage settings just because.
Because if that is why these issues are taking place.....then by all means it is the consumers fault through and through.
I am about to buy a newer router, but I think ill stick out my WNDR4500 for a bit longer until the new....new drops some time next year. Since they're in the mode of changing the standard naming of all routers "capabilities" on their throughput.
Maybe something new will come in the way of a hardware mitigation toward any of these types of vulnerabilities of today.... Maybe??
Makes me feel good that I never was a person to use default garbage settings just because.
Because if that is why these issues are taking place.....then by all means it is the consumers fault through and through.
I am about to buy a newer router, but I think ill stick out my WNDR4500 for a bit longer until the new....new drops some time next year. Since they're in the mode of changing the standard naming of all routers "capabilities" on their throughput.
Maybe something new will come in the way of a hardware mitigation toward any of these types of vulnerabilities of today.... Maybe??
DeskStar
Senior Member
Posts: 709
Joined: 2011-01-11
Senior Member
Posts: 709
Joined: 2011-01-11
#5593452 Posted on: 10/07/2018 01:27 PM
and lo ~ I have a router update! thnx for the heads up! (even updated just a month ago).
if anyone needs help do this:
open file explorer (the folder icon on the taskbar)
click "network" on the left
in windows 10, my wifi router appears under "network infrastructure" as "R7000 (Gateway)"
right click that > "view device webpage"
if it's netgear, The user name is admin, and the password is password
you may see a flag to update firmware at the top of that main page, if not,
click "advanced" tab > click "administration" on the left > "router update"
again, you should see update firmware, but if not click "check"
let it take the time to update and reset your router (no internet for a minute while it resets)
as for your cable modem, google your device model number. if it's like mine, it says that firmware updates are pushed by your ISP so no worries there
other tips to maximize security:
- there may be an option to auto update on your router page (expect to be kicked offline sometimes but who knows maybe it's smarter and knows your idle time like windows 10 updates now)
- keep windows up to date (type 'check for updates' on windows 10 search bar) > click "check now" if they don't appear already
- keep your pc up to date w/ manufacturer software (for me it's the "Lenovo vantage" windows 10 app. this pc updates its bios etc a lot)
- use a wired connection directly from your cable modem to your newest PC (a new chipset that's designed to not have spectre and meltdown vulnerabilities etc).
Are you serious about your user name and password.....?!?!?
and lo ~ I have a router update! thnx for the heads up! (even updated just a month ago).
if anyone needs help do this:
open file explorer (the folder icon on the taskbar)
click "network" on the left
in windows 10, my wifi router appears under "network infrastructure" as "R7000 (Gateway)"
right click that > "view device webpage"
if it's netgear, The user name is admin, and the password is password
you may see a flag to update firmware at the top of that main page, if not,
click "advanced" tab > click "administration" on the left > "router update"
again, you should see update firmware, but if not click "check"
let it take the time to update and reset your router (no internet for a minute while it resets)
as for your cable modem, google your device model number. if it's like mine, it says that firmware updates are pushed by your ISP so no worries there
other tips to maximize security:
- there may be an option to auto update on your router page (expect to be kicked offline sometimes but who knows maybe it's smarter and knows your idle time like windows 10 updates now)
- keep windows up to date (type 'check for updates' on windows 10 search bar) > click "check now" if they don't appear already
- keep your pc up to date w/ manufacturer software (for me it's the "Lenovo vantage" windows 10 app. this pc updates its bios etc a lot)
- use a wired connection directly from your cable modem to your newest PC (a new chipset that's designed to not have spectre and meltdown vulnerabilities etc).
Are you serious about your user name and password.....?!?!?
DeskStar
Senior Member
Posts: 709
Joined: 2011-01-11
Senior Member
Posts: 709
Joined: 2011-01-11
#5593453 Posted on: 10/07/2018 01:29 PM
Buy your own router/modem. You are not locked into using their shtuff at all.
seeing as the DNS on this Sagemcom router I have are locked to Spectrum and cant be changed even by me even if I wanted to, let alone fact that it hasnt had FW in years not much I can do with this router I have less, alot people really do need to change there defualt passwords though
Buy your own router/modem. You are not locked into using their shtuff at all.
tsunami231
Senior Member
Posts: 9937
Joined: 2003-05-24
Senior Member
Posts: 9937
Joined: 2003-05-24
#5593514 Posted on: 10/07/2018 05:54 PM
Buy your own router/modem. You are not locked into using their shtuff at all.
yah i know I want to get the asus 86u but i have not done so yet, what is probably gona happen is I just gone use the asus 66u that currently being used at the house in nj though
Buy your own router/modem. You are not locked into using their shtuff at all.
yah i know I want to get the asus 86u but i have not done so yet, what is probably gona happen is I just gone use the asus 66u that currently being used at the house in nj though
DeskStar
Senior Member
Posts: 709
Joined: 2011-01-11
Senior Member
Posts: 709
Joined: 2011-01-11
#5593734 Posted on: 10/08/2018 11:35 AM
Right on. I'm in the realm of looking also, but want to let his crazy dust settle before buying into these routers that have been on the market for a few years already.
Trying to hold out, but this N900 is starting to show its lack of throughput at its age.
yah i know I want to get the asus 86u but i have not done so yet, what is probably gona happen is I just gone use the asus 66u that currently being used at the house in nj though
Right on. I'm in the realm of looking also, but want to let his crazy dust settle before buying into these routers that have been on the market for a few years already.
Trying to hold out, but this N900 is starting to show its lack of throughput at its age.
Click here to post a comment for this news story on the message forum.
Senior Member
Posts: 709
Joined: 2011-01-11
What a day we live in today..... So many hardware/software vulnerabilities out there its simply amazing anything is up and running ATM. Anything......
Just crazy.....!!